
Take stock of 9 types of security threats faced by small and medium-sized enterprises.

Information security.

By Ron Burrows. Published 2 years ago. 5 min read.

Security threats are growing more serious, and network security has become a major challenge for enterprises, especially for small and medium-sized enterprises as they develop.

In particular, with the surge in remote working in the post-epidemic era, the networks of small and medium-sized enterprises have become more vulnerable.

In general, small and medium-sized enterprises find it difficult to commit sufficient financial and human resources to a network security strategy.

However, many small and medium-sized enterprises still take their chances, believing that cyber criminals target only large enterprises.

A survey from abroad shows that small enterprises generally do not pay enough attention to network security.

For example, 56% of people are not worried about becoming victims of data leaks in 2022.

1/3 of small and medium-sized enterprises use only free consumer-grade network security software, while 1/5 have no endpoint security measures at all.

However, the fact is that 61% of small and medium-sized businesses have suffered at least one cyber attack in the past 12 months.

A Cisco study also shows that 40% of respondents have experienced more than 8 hours of downtime, causing significant financial losses to enterprises.

On average, a successful cyber attack can cost a small or medium-sized enterprise 25,000 dollars.

In addition, enterprises have to bear not only economic losses but also reputational damage.

Because of this, many small and medium-sized enterprises closed down within half a year of a cyber attack because they were unable to bear the huge losses.

To this end, this article takes stock of 9 types of security threats that small and medium-sized enterprises need to be alert to.

01.

Internal threats are becoming more and more serious.

A growing body of survey data shows that more and more cyber threats come from within the enterprise, whether intentional or unintentional.

This does not necessarily mean that the attacker is lurking within the enterprise.

In general, if employees are careless about network security measures, for example by using weak passwords or not updating antivirus software, even ordinary employees can inadvertently endanger the business.

Another possibility is that current or former employees retaliate against the company, maliciously damage corporate data or systems, or steal confidential data for financial gain.

Overall, the number of these internal threats is rising sharply.

According to a study by Ponemon Institute, internal threats have increased by 47 per cent in the past two years.

02.

Ransomware attacks continue to increase.

Ransomware has been one of the most common types of network attack in recent years.

According to Statista, ransomware accounted for 68.5% of all malware attacks in 2021.

The 2021 ransomware survey report recently released by Fortinet shows that ransomware attacks are not aimed only at large enterprises; small and medium-sized enterprises are more vulnerable. In 2018 alone, more than 71% of extortion attacks were specifically targeted at small and medium-sized enterprises.

Ransomware attacks often begin quietly, for example when an employee inadvertently installs a malicious program on a local device, opens a malicious email attachment, or clicks on a link on a phishing site.

The ransomware then quickly infects the device, sometimes even the backup drive, and encrypts all data, including program data, stored data, and even backups.

According to Fortinet's 2021 ransomware survey report, 49 per cent of companies chose to pay the ransom directly, but in many cases the data were still damaged to some extent.

There are now more than 120 different types of ransomware.

In 2022, ransomware attacks are becoming more frequent and more dangerous.

The methods of extortion have also changed, and new methods such as double extortion (hackers ask for money twice) are becoming more and more common.

03.

Internet of things devices become targets of attack.

It is estimated that there are 22 billion active Internet of things (IoT) devices worldwide.

By 2025, this number is expected to reach 30 billion.

With the increase of devices in the Internet of things, attacks against the Internet of things are becoming more and more common.

It can even be said that the emergence of the Internet of things has changed the focus and scale of many network attacks.

Many employees use smart devices to work, or use wearables, connected cars, or voice assistants.

If these devices are connected to the corporate network, they are likely to become a springboard for attackers to invade the corporate network.

Today, the security of many Internet of things devices is still very weak, and some have no security capability at all.

For example, a device may contain insecure components, have poor logging mechanisms, use hard-coded passwords, or offer no privacy protection.

To prevent Internet of things attacks, users must take security measures, such as changing insecure settings, using strong passwords, and applying patches promptly.

More importantly, there can be no blind spots in the security protection of the Internet of things: every Internet of things device in the enterprise should be covered by security protection.

04.

Passwords and multi-factor authentication are not in place.

Setting secure passwords and enabling two-factor authentication are almost the most basic pieces of security awareness and common sense.

But worryingly, these two are still common causes of security vulnerabilities in 2022.

Before this, many surveys on password security showed that a large number of people still use weak passwords, or even "extremely weak" passwords, such as "123456", "111111", "000000", "abcdef", "admin", and so on.

Such a weak password is equivalent to no password!
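As an added example (not part of the original article), here is a minimal screening check that rejects the passwords quoted above and the wider patterns they belong to: a single repeated character, or an ascending or descending run. The function names and the 12-character minimum are assumptions, not figures from the article.

```python
# Added illustration: screen a candidate password before accepting it.
# COMMON holds only the examples quoted in the article; a real deployment
# would load a much larger list of known-breached passwords.
COMMON = {"123456", "111111", "000000", "abcdef", "admin"}

MIN_LENGTH = 12  # assumption: a typical policy minimum, not from the article


def _is_sequence(pw):
    """True if each character is exactly one step above (or below) the last."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def weakness(password):
    """Return the reasons a password is weak; an empty list means it passed."""
    reasons = []
    pw = password.lower()  # "Admin" is no stronger than "admin"
    if pw in COMMON:
        reasons.append("common")
    if len(set(pw)) == 1:
        reasons.append("repeated-char")  # "111111", but also "222222"
    if _is_sequence(pw):
        reasons.append("sequence")  # "123456", "abcdef", "987654"
    if len(password) < MIN_LENGTH:
        reasons.append("too-short")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["123456", "111111", "Admin", "987654",
                      "correct-horse-battery-staple"]:
        print(candidate, "->", weakness(candidate) or "accepted")
```

A check like this belongs at the point where a password is set or changed, so that a weak choice is refused before it is ever stored.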

Similarly, two-factor authentication (2FA) or multi-factor authentication (MFA) is not widely used.

Or, to be exact, systems offer this feature, but users often do not enable it.

According to a survey, only 2.3% of users have activated 2FA.

Weak passwords can even lead to serious security incidents.

For example, a ransomware attack on Colonial Pipeline, a US gas pipeline operator, is said to be related to 2FA being inactive for an employee.

By contrast, activating 2FA and using complex passwords can prevent 100% of automated bot attacks, 96% of bulk phishing attacks, and 76% of directly targeted attacks.

05.

Cloud security is a weak point.

Many small and medium-sized enterprises have a common security deficiency in cloud services.

Cloud services due to low tariff and maintenance costs as well as scalability
